IETF Logo Mail Archive

Re: [nfsv4] NFS over TLS for laptops

Chuck Lever <chuck.lever@oracle.com> Mon, 21 December 2020 16:56 UTC

Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E848D3A123F for <nfsv4@ietfa.amsl.com>; Mon, 21 Dec 2020 08:56:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cOjP8NVQI7Wy for <nfsv4@ietfa.amsl.com>; Mon, 21 Dec 2020 08:56:28 -0800 (PST)
Received: from aserp2120.oracle.com (aserp2120.oracle.com [141.146.126.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 378043A1240 for <nfsv4@ietf.org>; Mon, 21 Dec 2020 08:56:28 -0800 (PST)
Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 0BLGs0l5195466; Mon, 21 Dec 2020 16:56:27 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=corp-2020-01-29; bh=I4WsPCSeFJuQ3kiAokUtrxFjl6R1cy4l0RRJybVrN2U=; b=N1pCmITAH51ArBXTArtQAd3QCtrKfgmFn96Z6K08EPw5hcZuu7uUbCi5ynY/+oBGnVGp gyTOtPYaVi/JPivKJZpO5jAMG1jPdz7uQiZ5SgqIBUvL+ncN2v+IvBfMRI6VQtq8IRak 09A3Nspkw850rqR5sv/AJgkpP+8G12dfDK+zlmavnznWDdMLas5lhhKd1bD6Vp7E+EZh OhgTRWrvr1ysc/c76wGCt567w4LCYJUFOSd36NAWVH/yQRaY+KkU1t4MikLho4TySz4m EXg+ogPCNiWaRazt7Maj3JH+BlLd2Ld18FTuhUdWcV5jpD+rXSvmJ/gU2MH0eaZ/jzXG EA==
Received: from aserp3030.oracle.com (aserp3030.oracle.com [141.146.126.71]) by aserp2120.oracle.com with ESMTP id 35h9fkxa70-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Mon, 21 Dec 2020 16:56:27 +0000
Received: from pps.filterd (aserp3030.oracle.com [127.0.0.1]) by aserp3030.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 0BLGpX7E094538; Mon, 21 Dec 2020 16:54:27 GMT
Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserp3030.oracle.com with ESMTP id 35hu3mk6u0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 21 Dec 2020 16:54:26 +0000
Received: from abhmp0016.oracle.com (abhmp0016.oracle.com [141.146.116.22]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id 0BLGsPHG020805; Mon, 21 Dec 2020 16:54:25 GMT
Received: from anon-dhcp-152.1015granger.net (/68.61.232.219) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 21 Dec 2020 08:54:25 -0800
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <YQXPR0101MB09687759005C97725CFC1AFCDDC10@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM>
Date: Mon, 21 Dec 2020 11:54:24 -0500
Cc: "nfsv4@ietf.org" <nfsv4@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <13B0E10F-0E40-47AC-A6E3-495DF578DCAB@oracle.com>
References: <YQXPR0101MB0968F7BF5A6D7E97F39CC739DDC90@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM> <A7175D1C-BEBB-4557-8123-FA78C9393E72@oracle.com> <YQXPR0101MB096816C0EA985F65FE6562E5DDC60@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM> <YQXPR0101MB0968AA3A97C80B8140BFC845DDC60@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM> <8B3A77F6-15DE-4F4B-B246-385DD447C743@oracle.com> <YQXPR0101MB09680BC1A27265F81C5B5671DDC40@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM> <DEBCFB38-9A1A-43BB-A8DF-0C64792AF30F@oracle.com> <YQXPR0101MB09689564C0543291E25FB274DDC20@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM> <YQXPR0101MB09687759005C97725CFC1AFCDDC10@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM>
To: Rick Macklem <rmacklem@uoguelph.ca>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9842 signatures=668683
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 mlxlogscore=999 malwarescore=0 spamscore=0 phishscore=0 suspectscore=0 mlxscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2012210120
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9842 signatures=668683
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 impostorscore=0 lowpriorityscore=0 bulkscore=0 mlxscore=0 mlxlogscore=999 phishscore=0 malwarescore=0 adultscore=0 clxscore=1015 spamscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2012210121
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/izs-gWiW5H8GOciosWYimOqZlsA>
Subject: Re: [nfsv4] NFS over TLS for laptops
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Dec 2020 16:56:30 -0000

Hi Rick -

> On Dec 20, 2020, at 5:48 PM, Rick Macklem <rmacklem@uoguelph.ca> wrote:
> 
> Rick Macklem wrote:
>> Chuck Level wrote:
>> [stuff snipped]
>>> The certificate has a unique identity other than the CN. I was
>>> thinking that unique identity was going to be the key for the
>>> squashing mapping.
>> Not sure what field(s) of a certificate you are referring to?
> I took a look at a CRL and it appears to use SerialNumber to
> refer to s revoked certificate, so I'm guessing that is what
> you are referring to?

Section 5.2.1 used to start this way:

5.2.1.  X.509 Certificates Using PKIX trust

   Implementations are REQUIRED to support this mechanism.  In this
   mode, the tuple (serial number of the presented certificate; Issuer)
   uniquely identifies the RPC peer.

This is quoted from rpc-tls-05. This is the tuple that I meant
as a unique ID for a certificate.

It's also common for cert-based security implementations to use
a certificate's fingerprint for indexing databases or mappings.
Take the SHA-256 hash of the whole cert, and use that, or a
portion of it if a small index is needed.


A pre-shared key (Section 5.2.2 of the current revision), I
believe, cannot carry an otherName payload. For PSK, the only
way to implement identity squashing is for each server to enforce
a mapping of unique IDs (keys) to a set of one or more allowed
users.

And, as mentioned before, when a client does not present any TLS
identity, the server is the only party that can perform identity
squashing.


> Since the serial number is per issuer and I would expect some
> NFS servers will want to handle certificates from multiple issuers,
> I think that the issuerName will be needed in the database key,
> as well.

Correct. As I quoted above, both are part of that unique
tuple.


> For the below certificate, the database key would be:
> Issuer: C = CA, ST = Alberta, L = Jasper, O = MMM, OU = XXX, CN = democa.home.rick, emailAddress = rmacklem@uoguelph.ca
> Serial Number: 2 (0x2)
> 
> Of course, as I think you noted, there is no guarantee that the
> certificates will be correctly generated, to result in the above
> referring uniquely to one certificate.
> 
> Still seems to be an Administrative Hassle to me, rick

In a small deployment, client certificates could be generated
on the NFS server itself. A tool specifically for this purpose
could generate the certificate and update the squashing
configuration at the same time. This can also work for PSK
deployments.

When you have more than one server, some mechanism for sharing
the squashing information is needed. You have proposed adding
that information to the certificates, but that would work only
in the case when each client actually has a certificate.

I expect larger deployments (eg, client fleets in the tens of
thousands and user populations in the hundreds of thousands,
with dozens of servers) to have infrastructure that would make
certificate creation as easy. An administrative host would be
able to create certificates and update an LDAP directory that
is consulted by servers. (Think of Red Hat's "IPA" which
already combines certificate management, Kerberos, and LDAP)

So I still believe that TLS administrative scalability is:

a. better than a Kerberos deployment

b. able to be improved by clever infrastructure and tool chains

---

You said you are not asking the WG to codify the otherName
convention. So, right now, you do not care whether other
implementations interoperate with FreeBSD in this regard. Fair
enough.

And, we agree that securing single-user clients is an important
and common usage scenario.

I expect other implementers will find the same thing. When they
deal with this issue, they might see your implementation and
and copy it. Or they might copy it and add some variations,
since there is no published specification.

And then I can see one or more of them approaching the WG and
asking us to either update rpc-tls or provide a specification
to enable proper interoperation.

Or, possibly, at some point in the future, the WG will be tasked
with updating rpc-tls to reflect implementation practice, part
of which might be otherName.


At that point, we have a real problem. Or maybe just me, as an
author of rpc-tls and possibly its descendants, has that problem.


--
Chuck Lever

v2.23.0 | Report a Bug | By Email